I was working for a company that supported their customer’s services with a self-created software platform. This software had all the encryption processes and tokens in place to protect the data flow from one system to another. During a security review, a publicly exposed security vulnerability was discovered, allowing anyone with specific information to view the confidential data of the customer’s session—simply copy/pasting into a URL would allow access to the individual’s account. Unfortunately, to fix the problem with the exposed token, the development team would need to perform a major systems overhaul.